Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. This paper, based on results from the 2020 SANS CTI Survey, provides guidance on how organizations of all types can get the most out of CTI.

This SANS survey, directed at cybersecurity professionals who use or are interested in AI, examines perceptions about AI's basic capabilities for security and which technologies, including deep learning, various recognition techniques, machine learning and others, are considered part of AI for security. The survey also examines whether, how and when security experts will begin implementing AI for security and how they intend to use it.

John Pescatore of the SANS Institute leads a discussion on how to overcome the most commonly cited barriers to improving security operations. Gain perspective on integrating processes and controls used by network operations with those used for security operations; using timely, accurate threat intelligence to proactively tune detection and protection controls; and ensuring that defenses can withstand complex, multi-pronged attacks both today and in the future.

The SANS Analyst team reviewed Securonix Next-Gen SIEM, which includes many advanced features for reducing detection and response time for security operations and investigations, and processing large quantities of data from numerous sources in real time.

This paper highlights the best-of-breed features of Swimlane: its ease of use, customizability, role-based access control and current technology integrations. We put Swimlane through its paces in a triage of a typical phishing email, applying the concept of componential workflow automation.

Once attackers compromise a network, they attempt to maintain a persistent presence in the network and focus on data access and exfiltration. Such east-west attacks can be challenging to detect and remediate. SANS reviewed ExtraHop Networks' Reveal(x) network traffic analysis platform, which aims to address the east-west challenge. Read on to learn more.

It is important that IT departments leverage automated analytics and machine learning solutions that connect the dots between seemingly random events and provide much-needed context, visibility and actionable advice. In this paper, we explain how to utilize and integrate analytics and machine learning to reduce the load on security professionals, while increasing visibility and accurately predicting attackers' next steps.

Survey respondents have become more aware of the value of analytics and have moved beyond using them simply for detection and response to using them to measure and aid in improving their overall risk posture. Still, we’ve got a long way to go before analytics truly progresses in many security organizations. Read on to learn more.

The pace and sophistication of data breaches are growing all the time. Anyone with valuable secrets can be a target, and likely already is. According to the Privacy Rights Clearinghouse, at the time of this writing, 884,903,517 records were breached in 4,621 incidents documented since 2005. This number is just an estimate based on publicly disclosed and well-documented incidents; the real number is likely much higher. According to data available from datalossdb.org, the size of the major breaches over the past several years has grown significantly.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.